Adds first-class social login (GitHub, Google, GitLab, Atlassian, ...) built
on Laravel Socialite, mirroring the existing restifyAuth macro + restify:auth
publish flow.
- Route::restifySocialAuth() macro: /auth/social/{provider}/redirect + /callback
- restify:social command: publishes migration, appends route, prints env +
config/services.php per provider, optional --publish of controllers/resolver
- social_accounts table for multi-provider account linking
- SocialAccount model, HasSocialAccounts trait, default SocialUserResolver
- Override points: config (providers/scopes/model/resolver/controllers),
Restify::resolveSocialUserUsing() runtime hook, or fully published classes
- SPA / API-token flow returning a Sanctum token (same shape as login)
- laravel/socialite as optional (suggest + dev) dependency
- Feature tests: redirect, create+link+token, link-by-email, resolver override
Restify Social Auth (OAuth)
Adds social login (GitHub, Google, GitLab, Atlassian/Jira, …) to Restify, built on Laravel Socialite and mirroring the existing
Route::restifyAuth()macro +restify:authpublish flow.Why
On almost every app built on Restify we re-implement the same "Connect with GitHub/Atlassian" plumbing by hand: install Socialite, write redirect + callback controllers, a table for linked accounts, find-or-create-user logic, then issue a Sanctum token. This makes it a one-command, config-driven package feature instead — apps add credentials and run a command rather than rebuilding the wiring each project.
One command, fully scaffolded
social_accountsmigration (one user ↔ many linked providers)Route::restifySocialAuth();toroutes/api.phpconfig/services.php(idempotent, valid PHP){PROVIDER}_CLIENT_ID/SECRET/REDIRECT_URIto.envand.env.examplewith the redirect pre-filled to${APP_URL}/api/auth/social/{provider}/callback--installrunscomposer require socialiteproviders/{provider}for community drivers (atlassian, jira, …)The only manual step left is the irreducible one: registering the OAuth app on the provider's dashboard to obtain the client id/secret.
Escape hatches:
--no-routes,--no-env,--no-services,--publish.Endpoints
Two per provider (SPA / API-token flow, same token shape as
restifyAuthlogin):Fully overridable
restify.auth.social) — providers, scopes, token name, stateless, optionalredirect_urlRestify::resolveSocialUserUsing(fn ($provider, $oauthUser, $request) => ...)resolver/model/controllersrestify:social --publishcopies controllers + resolver into the app$user->socialAccounts,$user->hasSocialProvider('github')via theHasSocialAccountstrait.Why it's good for the package
suggestdependency; non-social installs are unaffectedrestify.auth.socialNotes
socialiteproviders/*package —--installhandles it, otherwise the command tells you which..env/services.php) lives in pure, idempotent static helpers with unit coverage.